September, 2018

MY TAKE: The no. 1 reason ransomware attacks persist: companies overlook ‘unstructured data’

The Last Watchdog

All too many companies lack a full appreciation of how vital it has become to proactively manage and keep secure “unstructured data.”. One reason for the enduring waves of ransomware is that unstructured data is easy for hackers to locate and simple for them to encrypt. Related video: Why it’s high time to protect unstructured data. Ironically, many victimized companies are paying hefty ransoms to decrypt unstructured data that may not be all that sensitive or mission critical.

Facebook hacked – 50 Million Users’ Data exposed in the security breach

Security Affairs

Facebook hacked – Attackers exploited a vulnerability in the “View As” feature that allowed them to steal Facebook access tokens of 50 Million Users. Facebook hacked, this is news that is rapidly spreading across the Internet.

Access 110

Credit Freezes are Free: Let the Ice Age Begin

Krebs on Security

It is now free in every U.S. state to freeze and unfreeze your credit file and that of your dependents, a process that blocks identity thieves and others from looking at private details in your consumer credit history.

Tools 284

Equifax Hit With Maximum UK Privacy Fine After Mega-Breach

Data Breach Today

Multiple Failures' Cited as Watchdog Levies Maximum Possible Pre-GDPR Fine Credit bureau Equifax has been hit with the maximum possible fine under U.K.

Hackers Can Steal a Tesla Model S in Seconds by Cloning Its Key Fob

WIRED Threat Level

Weak encryption in the cars' key fobs allows all-too-easy theft, but you can set a PIN code on your Tesla to protect it. Security

NSA Attacks Against Virtual Private Networks

Schneier on Security

A 2006 document from the Snowden archives outlines successful NSA operations against "a number of "high potential" virtual private networks, including those of media organization Al Jazeera, the Iraqi military and internet service organizations, and a number of airline reservation systems.".

More Trending

Are You Ever Finished With Information Governance?

Weissman's World

We at Holly Group spend our days working with clients to help them improve their Current State of information and move them towards their desired Future State. But a recent conversation with one of them raised a very interesting question: Is it possible for an organization to ever be finished?

GovPayNow.com Leaks 14M+ Records

Krebs on Security

Government Payment Service Inc. — a company used by thousands of U.S.

Tips 250

Ransomware Crypto-Locks Port of San Diego IT Systems

Data Breach Today

Port Remains Open and Accessible to Ships, Officials Say Several days after the Port of San Diego was hit by a crypto-locking ransomware attack, incident response efforts remain underway and many port systems remain offline.

Social Media Too Shall Pass

John Battelle's Searchblog

At dinner last night with my wife and our 14 year-old daughter, I noticed a circular table of four teenage girls eating alone. They were about the same age as my daughter, who wasn’t exactly thrilled to be stuck with her parents as company on her first weekend of the school year.

Groups 108

Quantum Computing and Cryptography

Schneier on Security

Quantum computing is a new way of computing -- one that could allow humankind to perform computations that are simply impossible using today's computing technologies. It allows for very fast searching, something that would break some of the encryption algorithms we use today.

MY TAKE: Here’s how diversity can strengthen cybersecurity — at many levels

The Last Watchdog

Of the many cybersecurity executives I’ve interviewed, Keenan Skelly’s career path may be the most distinctive. Skelly started out as a U.S. Army Explosive Ordnance Disposal (EOD) Technician. “I I was on the EOD team that was actually assigned to the White House during 9/11, so I got to see our national response framework from a very high level,” she says.

Need an Information Roadmap? First Know Where You Are

Weissman's World

Throughout my years of working with organizations on their information management and technology initiatives, I have often heard clients and vendors say “Where is the roadmap?” and “We need a roadmap.” My response is always the same: First you must know where you are. What is the current state?

Groups 156

Secret Service Warns of Surge in ATM ‘Wiretapping’ Attacks

Krebs on Security

The U.S.

Video 245

Europe Catches GDPR Breach-Notification Fever

Data Breach Today

Privacy Law is Fast Revealing the True Extent of Data Breaches Across UK and EU Less than four months after GDPR went into enforcement, Europe has arguably entered the modern data breach era.

GDPR 247

Understanding IoT Security Challenges – An Interview with an Industry Expert

Thales Data Security

The Internet of Things (IoT) is rapidly growing and expected to affect all industry verticals as well as our private lives.

IoT 98

Counting People Through a Wall with WiFi

Schneier on Security

Interesting research : In the team's experiments, one WiFi transmitter and one WiFi receiver are behind walls, outside a room in which a number of people are present. The room can get very crowded with as many as 20 people zigzagging each other.

Paper 107

NEW TECH: Critical Start applies ‘zero-trust’ security model to managed security services

The Last Watchdog

All companies today are exposed to intense cyber-attacks. And yet the vast majority simply do not have the capability to effectively defend their networks. That’s where managed security services providers, or MSSPs, come in. MSSPs monitor and manage cybersecurity systems as a contracted service. This can include spam filtering, malware detection, firewalls upkeep, vulnerability management and more. Related: Delivering useful intel to MSSPs. Companies are gravitating to MSSPs in a big way.

What to expect when you’ve suffered a data breach

IT Governance

So, a colleague has just come to your desk and told you that your organisation’s systems have been breached. Now what? This is a situation that more and more organisations are having to deal with.

In a Few Days, Credit Freezes Will Be Fee-Free

Krebs on Security

Later this month, all of the three major consumer credit bureaus will be required to offer free credit freezes to all Americans and their dependents.

Tools 227

'Magecart' Card-Sniffing Gang Cracks Newegg

Data Breach Today

E-Commerce Site Investigates Malware Attack and Payment Card Data Theft Online retailer Newegg is investigating a malware attack that may have stolen customers' payment card details for more than a month.

Retail 240

The Impact of Artificial Intelligence and Cognitive Computing

Perficient Data & Analytics

In the realm of healthcare, artificial intelligence (AI) and cognitive computing continue to gain momentum, and they have the potential to revolutionize healthcare. In fact, Forrester predicts that 70% of enterprises are anticipated to implement AI in 2018.

New Findings About Prime Number Distribution Almost Certainly Irrelevant to Cryptography

Schneier on Security

Lots of people are e-mailing me about this new result on the distribution of prime numbers. While interesting, it has nothing to do with cryptography. Cryptographers aren't interested in how to find prime numbers, or even in the distribution of prime numbers.

How To 106

NEW TECH: WhiteSource leverages automation to mitigate lurking open-source vulnerabilities

The Last Watchdog

Just like the best sourdough bread derives from a “mother” yeast that gets divided, passed around, and used over and over, open-source software applications get fashioned from a “mother” library of code created and passed around by developers. Related: Equifax hack highlights open source attack vectors. In today’s world, quick innovations are a necessity, and software developers would rather not lose valuable time reinventing the wheel.

Two thirds of organisations unlikely to survive a data breach

IT Governance

Two thirds of UK organisations are uninsured against the financial impact of a data breach, a survey has revealed.

Beware of Hurricane Florence Relief Scams

Krebs on Security

Tips 221

Police in Europe Tie Card Fraud to People-Smuggling Gang

Data Breach Today

If Software Is Eating the World, What Will Come Out the Other End?

John Battelle's Searchblog

So far, it’s mostly s**t. Seven or so years ago, a famous VC penned a manifesto of sorts. Writing at a time the world was still skeptical of the dominance to which his industry has now ascended (to think, such a time existed, and so few years ago!),

Public Shaming of Companies for Bad Security

Schneier on Security

Troy Hunt makes some good points , with good examples. psychologyofsecurity securityengineering securitypolicies

Q&A: Reddit breach shows use of ‘SMS 2FA’ won’t stop privileged access pillaging

The Last Watchdog

The recent hack of social media giant Reddit underscores the reality that all too many organizations — even high-visibility ones that ought to know better — are failing to adequately lock down their privileged accounts. Related: 6 best practices for cloud computing. An excerpt from Reddit’s mea culpa says it all: “On June 19, we learned that between June 14 and June 18, an attacker compromised a few of our employees’ accounts with our cloud and source code hosting providers.

Access 133

To Make the Internet of Things Safe, Start with Manufacturing

Thales Data Security

Vincent Van Gogh is believed to have said “Great things are … done … by a series of small things brought together.” This aptly describes the Internet of Things (IoT), where many small things are coming together to shape what we all hope will deliver a great leap in the way we live and do business.

IoT 93

U.S. Mobile Giants Want to be Your Online Identity

Krebs on Security

The four major U.S.

Wielding EternalBlue, Hackers Hit Major US Business

Data Breach Today

Luckily, Firm Was Only Infected With Cryptocurrency-Mining Malware Attack code known as EternalBlue, designed to exploit a Windows SMB flaw, continues to work for attackers despite Microsoft having issued patches more than a year ago. One major U.S.

Mining 231

The Promise of Next Generation of Digital Health

Perficient Data & Analytics

By 2022, we predict 25% of healthcare consumer interactions will be digitally executed outside of a traditional care setting; while the remaining 75% will gravitate to digitally coordinate real-time health systems. Digital Health is coming of age, bringing with it new capabilities for healthcare interactions and care delivery for consumers, patients and members, and the ecosystem that supports them.